let
  PROJECT_ROOT = builtins.toString ./.;
in
{
  nixpkgs.overlays = [
    (self: super: {
      newSealPost = pkgs.writeShellScriptBin "newSealPost.sh" (builtins.readFile ./cutesealfanpage.love/newSealPost.sh);
    })
  ];

  environment.systemPackages = [ pkgs.newSealPost ];

  services.caddy = {
    enable = true;
    virtualHosts = {
      "cutesealfanpage.love" = {
        serverAliases = [ "www.cutesealfanpage.love" ];
        extraConfig = ''
          root * ${PROJECT_ROOT}/cutesealfanpage.love/
          file_server
        '';
      };
    };
  };

  # when in doubt, clear away the certs with
  # sudo rm -rf /var/lib/acme/
  security.acme.acceptTerms = true;
  security.acme.email = "admin@cutesealfanpage.love";
  # uncomment this to use the staging server
  # security.acme.server = "https://acme-staging-v02.api.letsencrypt.org/directory";

  # services.cron = {
  #   enable = true;
  #   systemCronJobs = [
  #     # "12 12 * * *   alice   . /etc/profile; /home/alice/seal-blog/devops/newSealPost.sh > /home/alice/logs/backup.log 2>&1"
  #     # "* * * * *   alice   . /etc/profile; /home/alice/seal-blog/devops/newSealPost.sh"
  #   ];
  # };
}